CVE-2023-36391
published 2023-12-12CVE-2023-36391: Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
PriorityP345high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
7.24%
93.5th percentile
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_23h2 | < 10.0.22631.2861 | 10.0.22631.2861 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22621.2861 | 10.0.22621.2861 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.2861 | 10.0.22631.2861 |
| msrc | windows_11_version_23h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_x64-based_systems | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
vendor_msrc·2023-12-12·CVSS 7.8
CVE-2023-36391 [HIGH] CWE-59 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Local Security Authority Subsystem Service (LSASS): Windows Local Security Authority Subsystem Service (LSASS)
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
Reference: https://support.microsoft.com/help/5033375
GHSA
GHSA-q28x-8jvc-pp88: Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
ghsa_unreviewed·2023-12-12
CVE-2023-36391 [HIGH] GHSA-q28x-8jvc-pp88: Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
No detection rules found.
No public exploits indexed.
Trendmicro
The December 2023 Security Update Review
blogs_trendmicro·2023-12-12
The December 2023 Security Update Review
# The December 2023 Security Update Review
Get the December 2023 security update and review.
By: Zero Day Initiative
2023/12/12
Read time: ( words)
Save to Folio
It’s the final patch Tuesday of 2023, and Apple, Adobe, and Microsoft have released their latest security offerings. Take a break from your holiday hustle and join us as we review the details of their latest advisories. If you’d rather watch the video recap, you can check it out here:
Apple Patches for December 2023
Apple kicked off the December release cycle with patches for iOS and iPadOS with eight CVEs. Two of these CVEs in Webkit are reported as being under active attack on iOS versions 16.7.1 and older. If you’re using an older iPhone or iPad, you should definitely update your device immediately. If you’re using a dev
Qualys
Microsoft and Adobe Patch Tuesday, December 2023 Security Update Review
blogs_qualys·2023-12-12
Microsoft and Adobe Patch Tuesday, December 2023 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for December 2023
Adobe Patches for December 2023
Zero-day Vulnerability Patched in December Patch Tuesday Edition
Other Critical Severity Vulnerabilities Patched in December Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
Rapid Response with Patch Management (PM)
Qualys Monthly Webinar Series
Microsoft has wrapped up the year with fewer security updates released in its Patch Tuesday, December 2023 edition. We invite you to join us to review and discuss the details of these security updates and patches.
## Microsoft Patch Tuesday for December 2023
In this month’s Patch Tuesday edition, Microsoft ha
Qualys
Qualys Review: Microsoft and Adobe December Security Patches | Qualys
blogs_qualys·2023-12-12
Qualys Review: Microsoft and Adobe December Security Patches | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for December 2023
- Adobe Patches for December 2023
- Zero-day Vulnerability Patched in December Patch Tuesday Edition
- Other Critical Severity Vulnerabilities Patched in December Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
- Rapid Response with Patch Management (PM)
- Qualys Monthly Webinar Series
Microsoft has wrapped up the year with fewer security updates released in its Patch Tuesday, December 2023 edition. We invite you to join us to review and discuss the details of these security updates and patches.
## Microsoft Patch Tuesday for December 2023
In this month’s Patch Tuesday edition,
Bleepingcomputer
Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day
blogs_bleepingcomputer·2023-12-12·CVSS 5.5
[MEDIUM] Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day
## Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day
## Lawrence Abrams
10 Elevation of Privilege Vulnerabilities
8 Remote Code Execution Vulnerabilities
6 Information Disclosure Vulnerabilities
5 Denial of Service Vulnerabilities
5 Spoofing Vulnerabilities
The total count of 34 flaws does not include 8 Microsoft Edge flaws fixed on December 7th.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5033375 cumulative update and Windows 10 KB5033372 cumulative update .
## One publicly disclosed zero-day fixed
This month's Patch Tuesday fixes one AMD zero-day vulnerability disclosed in August that previously remained unpatched.
The ' CVE-2023-20588 - AMD: CVE-2023-20588 AMD Speculative Leaks ' vul
Zscaler
Zscaler found Windows Security Vulnerabilities | 12-12-2023
blogs_zscaler·CVSS 7.8
[HIGH] Zscaler found Windows Security Vulnerabilities | 12-12-2023
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
2023-12-12
Published